Infrastructure Security Developer
Wealthsimple is on a mission to help everyone achieve financial freedom, no matter who they are or how much they have. Using smart technology, Wealthsimple takes financial services that are often confusing, opaque and expensive and makes them simple, transparent, and low-cost. We're the company behind some of Canada's leading digital financial products, and are growing faster than ever.
Our team is reimagining what it means to manage your money. Smart, high-performing team members will challenge you to learn and grow every day. We value great work and great ideas — not ego. We're looking for talented people who love a fast-paced environment, and want to ship often and make an impact with groundbreaking ideas.
We’re a remote-first team and output is more important than face time, so where you choose to work is up to you — as long as you have internet access, you can work from anywhere in Canada. Be a part of our Canadian success story and help shape the financial future of millions — join us! Read our Culture Manual and learn more about how we work.
About the Team:
The Infrastructure Security team is a specialized group with a mix of cloud infrastructure, networking, scripting and security skillsets who work together to deploy and manage a wide variety of tools and processes to ensure Wealthsimple’s systems and data are secure. We manage a variety of Wealthsimple’s security stack such as identity and access management, endpoint detection and response, logging and alerting (specifically related to security use cases), workflow automation, web application firewalls, virtual private networks, and a range of cloud services.
We understand that the lists below may seem overwhelming but don't worry, we don't expect you to be an expert in all of them. Instead, we value your unique combination of skills and experiences.
In this role, you will have the opportunity to:
- Further secure our infrastructure, by reviewing and improving network and system security, investigating threats, testing our security posture and recommending security best practices
- Develop and implement comprehensive infrastructure security strategies, policies, and procedures to safeguard the organization's networks, systems, and data
- Collaborate with cross-functional teams to design and implement security controls and measures to protect against unauthorized access, data loss, and other security threats
- Build, manage and improve resources for alerting, logging, and monitoring
- Develop and maintain Infrastructure as Code
- Stay up-to-date with the latest security technologies, trends, and best practices, and make recommendations for their implementation
- Guide our developers in building secure environments that are in-line with security’s best practices
We want you to:
- Have experience and a deep understanding of administering networks, specifically deploying and managing VPNs, SSL decryption and troubleshooting networking issues using packet captures
- Have experience with cloud security tools including a deep understanding of AWS Elastic Kubernetes Service and AWS IAM
- Have experience implementing data loss prevention tools and policies
- Be able to clearly and effectively communicate, internally and externally, security best practices and strategy
- Take ownership of finding & implementing optimal solutions to problems, using subject matter experts as required, and seeing these initiatives through
- Value open communication and working on an exceptionally transparent, debate-and-feedback-driven team
- Agree that established and boring tools are great, but looking forward and embracing change, new tools, and different perspectives is just as important
- Is eager to teach and learn from their team. We value making others successful!
We would love for you to:
- Possess strong experience with writing and auditing Infrastructure as Code, specifically Terraform
- Have knowledge regarding the range of services offered by AWS in the security domain
- Have experience working in a micro-service architecture environment that’s backed by databases using AWS Aurora PSQL or Oracle
- Have experience in testing web applications or a bug bounty profile (such as HackerOne or Bug Crowd) and how infrastructure may get affected as a result of application vulnerabilities
- Have knowledge of security frameworks such as CIS Benchmarks, SOC2, PCI, or NIST
- Have any of the following certifications: CCNP Security, CISSP, CEH, Security+, AWS Certifications (SysOps Administrator/Solutions Architect/Security/Advanced Networking) or GSEC
Why Wealthsimple?
- Competitive Salary with top-tier health benefits and life insurance
- Retirement savings matching plan using Wealthsimple Work
- 20 vacation days per year and unlimited sick and mental health days
- Company equity for full-time employees
- Paid parental leave (6 months topped up to 100% of salary)
- Up to $1500 per year towards wellness and professional development budget each
- 90 days away program: Eligible employees can work internationally for up to 90 days per calendar year
- Employee Resource Groups
At Wealthsimple, we are building products for a diverse world and we need a diverse team to do that successfully. We strongly encourage applications from everyone regardless of race, religion, colour, national origin, gender, sexual orientation, age, marital status, or disability status. Wealthsimple provides an accessible candidate experience. If you need any accommodations or adjustments throughout the interview process and beyond, please let us know.